Description
A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection.
Published: 2026-05-20
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A command injection vulnerability in HP Linux Imaging and Printing Software enables an attacker to execute arbitrary system commands. The flaw, classified as CWE-77, can allow a malicious user to run commands with the privileges of the imaging service, potentially escalating to root and gaining full system control. The published description characterizes it as a potential escalation of privileges and/or arbitrary code execution via operating system command injection.

Affected Systems

The HP Linux Imaging and Printing Software product distributed by HP Inc. on Linux platforms is affected. No specific version information is disclosed, so all deployed instances should be examined for this risk.

Risk and Exploitability

The vulnerability scores a CVSS of 8.5, indicating high severity. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred as command injection through the imaging service, which could be local or remote depending on how the service is exposed. The high CVSS score combined with the potential for arbitrary code execution represents a serious risk if exploited.

Generated by OpenCVE AI on May 20, 2026 at 22:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the HP Linux Imaging and Printing Software to the latest version that contains the command injection fix as released by HP.
  • When no update is immediately available, reconfigure the imaging service to run under a dedicated low‑privilege user account and disable any ability to launch arbitrary system commands.
  • Enable audit logging for the imaging service and monitor logs for unexpected command executions, applying strict alerting on suspicious activity.
  • Implement SELinux or AppArmor confinement policies for the imaging service to restrict its access to privileged commands and files.

Advisories

No advisories yet.

History

Thu, 21 May 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:hp:linux_imaging_and_printing:*:*:*:*:*:*:*:*
Metrics cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 21 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 21 May 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Hp
Hp linux Imaging And Printing
Vendors & Products Hp
Hp linux Imaging And Printing

Wed, 20 May 2026 21:00:00 +0000

Type Values Removed Values Added
Description A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection.
Title HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution
First Time appeared Hp Inc
Hp Inc hp Linux Imaging And Printing Software
Weaknesses CWE-77
CPEs cpe:2.3:a:hp_inc:hp_linux_imaging_and_printing_software:*:*:linux:*:*:*:*:*
Vendors & Products Hp Inc
Hp Inc hp Linux Imaging And Printing Software
References
Metrics cvssV4_0 {'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: hp

Published:

Updated: 2026-05-21T13:03:10.536Z

Reserved: 2026-05-14T18:58:14.958Z

Link: CVE-2026-8632

Vulnrichment

Updated: 2026-05-21T13:03:07.897Z

NVD

Status: Analyzed

Published: 2026-05-20T21:16:18.233

Modified: 2026-05-21T18:58:59.447

Link: CVE-2026-8632

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T08:00:05Z

Weaknesses